The 30-Year Remote Internet Access Law That Has Caused Problems Again.

It has recently been disclosed that hackers backed by China have compromised the interception systems of several telecommunications and internet providers in the United States, apparently with the aim of gathering intelligence on American citizens. These interception systems, established under a 30-year-old U.S. federal law, are extremely sensitive and generally allow a limited number of employees to access their customers' information, including online activities and browsing histories, with virtually no restrictions. For those who have warned for years about the security risks associated with these legal "backdoors," these recent breaches represent a lamentable "I told you so" that they had hoped not to experience.

Matt Blaze, a law professor at Georgetown and expert in secure systems, comments that the intrusion was inevitable. The Wall Street Journal reported that a group of Chinese government hackers, known as Salt Typhoon, managed to infiltrate three of the major internet providers in the U.S., including AT&T, Lumen (formerly CenturyLink), and Verizon, accessing systems designed to provide customer data to authorities and governments. It is estimated that these attacks have resulted in a wide-scale collection of internet traffic from these large companies.

The exact targets of this hacking campaign are still unclear, but national security sources are already considering the breach as "potentially catastrophic." Salt Typhoon is one of several hacker units backed by the Chinese government suspected of laying the groundwork for destructive cyberattacks, allegedly in the context of a potential future conflict with the U.S., particularly regarding Taiwan.

Blaze mentions that the intrusions into U.S. interception systems are an example of the malicious use of a backdoor that should only be used for legal purposes. The security community has long argued against these backdoors, claiming that it is technologically impossible to have a "secure backdoor" that cannot be exploited by malicious actors. Riana Pfefferkorn, a Stanford academic and encryption policy expert, states that this hack exposes the lie that the U.S. government needs access to every message and call for security reasons, asserting that this system endangers citizens.

The law that enabled the abuse of these backdoors is the Communications Assistance for Law Enforcement Act (CALEA), which was implemented in 1994, at a time when mobile phones were uncommon and the internet was just beginning to develop. CALEA requires any telecommunications provider to assist the government in accessing customer information when presented with a legal order. Following the September 11, 2001 attacks, surveillance laws expanded significantly, driving the growth of an industry of companies that helped telecommunications comply with these requirements.

The Edward Snowden surveillance scandal in 2013 revealed how the U.S. government and its closest allies collected secret data about external threats, generating strong opposition in Silicon Valley. Since then, tech companies have started to encrypt as much as possible of their customers' data, recognizing that they could not be compelled to hand over information they could not access. However, telecommunications companies have done little to protect users' internet traffic, leaving much of it still accessible through interceptions under CALEA.

This is not only a U.S. problem, but globally, there are ongoing efforts by governments to implement legislation that compromises encryption. In the European Union, some countries are seeking to legally require messaging applications to scan their citizens' private communications for suspicious material. Security experts warn that no technology can meet these demands without risking abuse.

Signal, one of the most recognized encrypted messaging applications, has strongly criticized proposals for backdoors and has pointed out that the recent hack in the U.S. reinforces that such legislation is a serious cyber threat.

It is concluded that the experience with CALEA should be seen as a warning about the dangers associated with backdoors rather than as a model of success.